Structure of an iOS App Binary (.ipa)

Last updated January 30, 2022 by Aaron Singer

Learn the structure of an iOS App Binary (.ipa)

Appdome is a no-code mobile app security platform designed to secure iOS ipa apps without coding. This Knowledge Base article summarizes what a .ipa file is. An.ipa file is an iOS binary. This is the file format uses to package and distribute iOS mobile apps. The .ipa contains all of the required components in order for the app to successfully run.

All of Appdome’s services can be added to any iOS or Android app instantly, with no code or coding.

We hope you find it useful and enjoy using Appdome!

About .ipa files

iOS applications are bundled in a single file of type ipa (short for iOS App-store Package).

Although they come with an ipa suffix they are just regular ZIP files, you can try modifying the suffix to zip and then extracting them.
Since IPA files all have a well defined internal structure, What you’ll find inside is a single folder called, inside of which will be another folder called .app. Besides the Payload folder, you may also find other folders and files, usually for use of iTunes service.

If you are using a Mac, you might think at first that the app folder is a file, but if you right-click it, and select “Show Package Contents” you’ll be able to open it.
Inside you’ll find the following:

  • The Info.plist file – this is the file that describes the application to the iOS operating system, using a list of properties. Take the next file for example
    We can see a lot of properties here, like:

    1. Which files in the .ipa is the icon
    2. Application display name
    3. Version
    4. Unique identifier
    5. Application main executable filename
      structure of an .ipa
  • The application’s main executable – this contains the code of the application. In essence, this IS the application. All the Objective-C and Swift code punched in by your developers is encoded into this file. Just a quick reminder, the executable’s file name is determined by the Info.plist.
    One thing that’s important to know, is that the application file contains within it entitlement information. This is Apple’s name for permissions.
  • External executable libraries – other libraries the main executable use.
  • Frameworks – This is a folder that contains frameworks used by the application.
    Each framework will reside under its own folder called Frameworks/.framework and will contain its native code and resources.
    In addition, Swift applications will have the Swift runtime libraries directly under the Frameworks folder.
  • Plugins – application extensions, executed by the application.
  • Resources – documents, images, icons, video and audio files.
  • www – if the application is a web app, developed with Cordova or React Native for example, the web data will be stored in a folder named www. It may contain web pages, resources, Javascript and CSS files, and so on.
    If such an application is fused with TOTALCode obfuscation enabled, these files (which contain the bulk of the application’s intellectual property) would be encrypted.
  • Nib or storyboard files
    These files describe the UI of the application and how it interacts with it’s logic.
  • Signature information, iOS verifies all native code elements have not been modified since they were “signed” by the developer/distributer. This includes: the executable, frameworks, libraries, PlugIns (app extensions) and WatchKit.
    The signing process should follow a certain order: WatchKit, PlugIns, Frameworks (and the appdome Framework), Executable and .app folder.
  • Provisioning information (most commonly embedded.mobileprovision)
    This file determines the deployment permissions of the application. The short explanation is that as a developer, you can only install your application on a limited set of devices (so you won’t distribute an application without Apple’s approval). So, unless you published your application to the App Store (or acquired an enterprise code signature), you need to equip your application with a provisioning profile. The provisioning profile is also a plist file, and should be obtained by the developer from Apple’s developer console.
    The provisioning information contains inside it a copy of the application’s entitlements, so as you may understand, you can’t just give an application any permission you want, it must all be “authorized” by apple.

How Do I Learn More?

Check out Appdome article on .apk files or request a demo at any time.

If you have any questions, please send them our way at or via the chat window on the Appdome platform.

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.  

Have a question?

Ask an expert

TomMaking your security project a success!